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Abstract — Instances of logical cryptanalysis, circuit veriflca- 
tion, and bounded model checking can often be succinctly 
represented as a combined satisfiability (SAT) problem where 
an instance is a combination of traditional clauses and parity 
constraints. This paper studies how such combined problems can 
be efficiently solved by augmenting a modern SAT solver with an 
xor-reasoning module in the DPLL(XOR) framework. A new xor- 
reasoning module that deduces all possible implied literals using 
incremental Gauss- Jordan elimination is presented. A decomposi- 
tion technique that can greatly reduce the size of parity constraint 
matrices while allowing still to deduce all implied literals is 
presented. It is shown how to eliminate variables occuring only 
in parity constraints while preserving the decomposition. The 
proposed techniques are evaluated experimentally. 

I. Introduction 

Propositional satisfiability (SAT) solvers (see e.g. |[T]) pro- 
vide a powerful solution technique in many industrial ap- 
plication domains. Representing an instance of propositional 
satisfiability in conjunctive normal form (CNF) allows very 
efficient Boolean constraint propagation and conflict-driven 
clause learning (CDCL) techniques. However, CNF-based 
solvers can scale poorly on instances consisting on straight- 
forward CNF-encoding of parity (xor) constraints |2|. Such 
xor-constraints occur frequently in domains such as logical 
cryptanalysis, circuit verification, and bounded model check- 
ing. Considering this and recalling that an instance consisting 
only of xor-constraints can be solved in polynomial time using 
Gaussian elimination, it is no wonder that many approaches 
for combining CNF-level and xor-constraint reasoning have 
been presented f3], H, 0, B, Q, i), H, QOl, E], d, 
|fT3l . lfT4l . These approaches extend CNF-level SAT solvers 
by implementing different forms of constraint propagation for 
xor-constraints, ranging from plain unit propagation via equiv- 
alence reasoning to Gaussian elimination. Compared to unit 
propagation, which has efficient implementation techniques, 
equivalence reasoning and Gaussian elimination allow stronger 
propagation but are computationally much more costly. 

In this paper we make two contributions in this field. First, 
we present an xor-reasoning technique based on Gauss-Jordan 
elimination that provides complete constraint propagation for 
xor-constraints in the following sense: Given a conjunction 
0xor of xor-constraints and values for some of its variables 
(so-called xor-assumptions provided by the CNF-level master 
search engine), the module can (i) decide whether 0xor is sat- 



isfiable under the xor-assumptions, and (ii) find all the literals 
and equivalences implied by (/)xoi and the xor-assumptions. 
This is better than (i) equivalence reasoning which cannot 
always decide the satisfiability or find all the implied literals, 
and (ii) Gaussian elimination which can decide satisfiability 
but not necessarily finds all the implied literals (as illustrated 
in Sect, [mtp] 

Our second contribution is a new decomposition theorem 
that sometimes allows us to split the xor-constraint part 
0XO1 into components that can be handled individually. This 
technique supersedes the well-known "connected components" 
approach that exploits variable disjoint components of ^xor- 
Instead, we use a variant of "biconnected components" by 
splitting 0XO1 into components that can be connected to each 
other only by single cut variables. We prove that if we can 
provide full propagation for each of the components, we 
have full propagation for the whole xor-part (p^oi- as well. We 
show how the structure of biconnected components can be 
preserved while eliminating most of the variables occurring 
only in the xor-part leading to more compact representation of 
the formula. The presented xor-reasoning, decomposition, and 
variable elimination techniques are evaluated experimentally 
on large sets of benchmark instances. The proofs of Lemmas 
and Theorems can be found in the appendix. 

II. Preliminaries 

Let B = {_L, T} be the set of truth values "false" and "true". 
A literal is a Boolean variable x or its negation (as usual, 
^^x will mean x), and a clause is a disjunction of literals. If 
(j) is any kind of formula or equation, (i) vars(0) is the set of 
variables occurring in it, (ii) lits((/)) — {x,^x \ x G vars(0)} 
is the set of literals over vars((/)), and (iii) a truth assignment 
for (f> is a, possibly partial, function r : vars((/)) B. A truth 
assignment satisfies (i) a variable x if t{x) = T, (ii) a literal 
^x if t{x) — _L, and (iii) a clause {li V .. V Ik) if it satisfies 
at least one literal li in the clause. 

An xor-constraint is an equation of form xi (B ■■■ (B Xk = p, 
where the x^s are Boolean variables and p e B is the parity]^ 

'We've just learn ed th at the use of Gauss- Jordan has also been indepen- 
dently discovered in fl51: the main difference to our work is that we (i) do not 
consider Craig interpolants but (ii) can also find all the implied equivalences. 

^The correspondence of xor-constraints to the "xor-clause" representation 
used e.g. in 1111 . 1131 . 1141 is straightforward: xi ©...©xj; = T corresponds 
to the xor-clause (xi © ...©xj.) and zi © ...©xj. = ± to (x'l ©...©a;^; ©T). 



We implicitly assume that duplicate variables are always 
removed from the equations, e.g. © 2:2 © a;i © ^3 = T is 
always simplified into X2 © xa = T. If the left hand side does 
not have variables, then it equals to _L; the equation _L = T is 
a contradiction and _L = _L a tautology. We identify the xor- 
constraint x = T with the literal x and x = J- with -^x. A truth 
assignment r satisfies an xor-constraint (xi © ... © x^ = p) if 
t{xi) © ... ©r(a;fc) = p. 

A cnf-xor formula is a conjunction 0oi- A (pxor, where (j>or 
is a conjunction of clauses and 0xor is a conjunction of xor- 
constraints. A truth assignment satisfies i/ior A (/)xoi- if it satisfies 
every clause and xor-constraint in it. 

A. DPLL(XOR) and Xor-Reasoning Modules 

We are interested in solving the satisfiability of cnf-xor 
formulas of the form (pgy- A (?!)xor defined above. Similarly to 
the DPLL(T) approach for Satisfiability Modulo Theories, see 
e.g. HSl, HTl, the DPLL(XOR) approach 1 1 1 1 for solving cnf- 
xor formulas consists of (i) a conflict-driven clause learning 
(CDCL) SAT solver that takes care of solving the CNF-pait 
(pot, and (ii) an xor-reasoning module that handles the xor-part 
(^xor- The CDCL solver is the master process, responsible of 
guessing values for the variables according to some heuristics 
("branching"), performing propagation in the CNF-part, con- 
flict analysis, restarts etc. The xor-reasoning module receives 
variable values, called xor-assumptions, from the CDCL solver 
and checks (i) whether the xor-part can still be satisfied under 
the xor-assumptions, and (ii) whether some variable values, 
called xor-implied literals, are implied by the xor-part and 
the xor-assumptions. These checks can be incomplete, like 
in Ol, Llll for the satisfiability and in |13J, LIOJ for 
the implication checks, as long as the satisfiability check is 
complete when all the variables have values. 

The very basic interface for an xor-reasoning module can 
consist of the following methods: 

• init((^xor) initializes the module with 0xor- It may return 
"unsat" if it finds (/)xoi- unsatisfiable, or a set of xor-implied 
literals, i.e. literals I such that 0xor H ^ holds. 

• assume(?) is used to communicate a new variable value 
I deduced in the CNF solver part to the xor-reasoning 
module. This value, called xor-assumption literal I, is 
added to the list of current xor-assumptions. If [li, ...^Ik] 
are the current xor-assumptions, the module then tries to 
(i) deduce whether (/)xoi-A/i A... A/fc became unsatisfiable, 
i.e. whether an xor-conflict was encountered, and if this 
was not the case, (ii) find xor-implied literals, i.e. literals 
I for which (/)xor A A ... A /fc 1= Z holds. The xor-conflict 
or the xor-implied literals are then returned to the CNF 
solver part so that it can start conflict analysis (in the 
case of xor-conflict) or extend its current partial truth 
assignment with the xor-implied literals. 

In order to facilitate conflict-driven backjumping and 
clause learning in the CNF solver part, the xor-reasoning 
module has to provide a clausal explanation for each xor- 
conflict and xor-implied literal it reports. That is. 



- if 0xorA/iA...A/fe is deduced to be unsatisfiable, then 
the module must report a (possibly empty) clause 
{-^I'l V ... V -^I'ra) such that (i) each l[ is an xor- 
assumption or an xor-implied literal, and (ii) i/ixor A 
I'l A ... A l'^ is unsatisfiable (i.e. 0xor H (^^'1 V •.• V 
-C));and 

- if it was deduced that (/)xor Ah A ... Alk \— I for some 
I, then the module must report a clause {^I'l V ... V 
—•I'^yl) such that (i) each is an xor-assumption or 
an xor-implied literal reported earlier, and (ii) 0xor A 
/; A ... A C h I i-e. 0xor h (-^'1 V ... V -4 V f). 

• backtrack() retracts the latest xor-assumption and all the 
xor-implied literals deduced after it. 

Naturally, variants of this interface are easily conceivable. For 
instance, a larger set of xor-assumptions can be given with the 
assume method at once instead of only one. 

For xor-reasoning modules based on equivalence reasoning, 
see (TT\, fT3\. The Gaussian elimination process in ifTOl , IIT2I 
can also be easily seen as an xor-reasoning module. 

III. Incremental Gauss-Jordan Elimination 

We now develop an xor-reasoning technique that can, given 
a conjunction (j>^or of xor-constraints and a conjunction /1A...A 
Ik of xor-assumption literals, (i) decide whether 0xorA/iA...AZfe 
is satisfiable or not, and (ii) if it is, to find all the literals 
and equivalences implied by ^xor A li A ... A Ik. The proposed 
technique can be seen as an incremental. Boolean-level version 
of the Gauss-Jordan elimination process, or a Boolean-level 
variant of the linear arithmetic solver described in [18]. 

Before going into the details, let us first briefly note why 
Gaussian elimination, used e.g. in Cryptominisat (lU\, fl2l 
version 2.9.2, is not enough to find all the implied literals 
(although it can detect unsatisfiability perfectly). Basically, 
the reason is that Gaussian elimination presents the xor- 
constraints in (/)xoi with a row echelon form matrix, where 
pivoting upwards is not performed. As an example, consider 
the row echelon form matrix-like representation 

a;i©a;2 ©0:4 = T 
a;2©a;3 ©X5 = _L 

X3Q)X4®X5 = T 

for a conjunction ^xor of xor-constraints. It is easy to deduce 
from this that (f>^or is satisfiable but not that xi must always 
be false, i.e. that (/)xoi- H ^'1 = -L- 

A. Tableaux i.e. Reduced Row Echelon Form Matrices 

We begin by giving an equation form representation and the 
basic operations we need for reduced row echelon matrices. 
A tableau for a satisfiable conjunction 0xor of xor-constraints 
is a set S of equations of form Xi := Xi^i © ... © Xi^ki ® Pi, 
where Xi,Xi^i,..., Xi,ki are distinct variables in i/ixor and pi e B. 
Furthermore, it is required that 

1) each variable x G vars(^xor) occurs at most once as the 
left hand side variable in the equations in £, 



6®d®e = T). A tableau for it is 



2) if a variable x G vars(0xor) occurs as the left hand side 
variable in an equation, then it does not occur in the 
right hand side of any equation, and 

3) Aa;,:=2;,,ie...ea;,,fc;epief ® ^'.1 ® ■•■ ® ^^'^^ = 
logically equivalent to 0xor- 

The variables of 0xoi occurring as left hand side variables 
in the equations are called basic variables while the others 
are non-basic variables in £. If £ has n non-basic variables, 
then 0xor has 2" satisfying truth assignments. Observe that 
a tableau can be seen as a linear arithmetic modulo 2 matrix 
equation; under a variable order where basic variables are first, 
the matrix will be in the reduced row echelon form. 

Example 1: Take the conjunction (a ® c ® e = T) A (a i 

' a := c ®e®T 
b c®d ®_L 

ox [a b c d =^ as, di matrix equation; the first 

matrix is in the reduced row echelon form. 

Given a conjunction 0xor = DiA...AD,n of xor-constraints, 
it is easy to build a tableau for it (or to detect that the 
conjunction is unsatisfiable, in which case it does not have 
a tableau). We start with the empty tableau, and for each xor- 
constraint D in the conjunction apply the following: 

1) EUminate each basic variable in D by substituting 
it with the right hand side of the equation Xi := 
Xi,i ® ■•■ (B Xi^ki ® Pi already in the tableau, then sim- 
plify the resulting xor-constraint. 

2) (i) If the resulting xor-constraint is (_L = _L), then D 
is a linear combination of the xor-constraints already in 
the tableau and nothing is added in the tableau. 

(ii) If the resulting xor-constraint is (_L = T), then D is 
contradicting the xor-constraints already in the tableau 
and the conjunction 0xor is unsatisfiable. 

(iii) Otherwise, all the variables in the resulting xor- 
constraint {yi®y2® ■■■®yk = p) ^"e non-basic variables. 
Pick one of these variables, say j/i, insert the equation 
Vi 2/2 ffi ■•■ ffl ffi P in the tableau, eliminate yi from 
the right hand sides of other equations by substituting it 
with ?/2 ffi ••■ ffi i/fe ® p, and simplify the right hand sides 
of the equations. 

Example 2: Take again the satisfiable conjunction (a ® c ® 
e = T) A (a ® 5 ® d ® e = T). When inserting (a ® c ® e = 
T) into the empty tableau, we may select a to be the basic 
variable and get the tableau {a := c ® e ® T}. Next inserting 
(a®6®(i®e = T), we first substitute a with its definition 
c® e® T, get (6®c®(i = _L), select 6 to be a basic variable, 
and obtain the tableau {a := c ® e ® T, 6 := c ® d ® _L}. 

In the following, we must be able to transform a basic 
variable into a non-basic one. To do this, we must make a non- 
basic variable basic. If a; is a basic variable with the equation 
X := j/i ® ... ® j/i ® ... ® ® p in a tableau £, we define 
swa,p{£ , X , yi) to be the tableau obtained as follows: 

1) remove x :— yi (B ■■■ (B yi (B ■■■ (B yk ® P from £, 

2) add y, := yi ® ... ® y^-i ® a; ® y^+i ® ... ® ® p in 
£, and 

3) remove yi from the right hand sides of the other equa- 



tions by substituting its occurrences with yi®...®j/f 



x®yi+i ® ... ® 
Example 3: If £ ^ 



swap(£, b, c) = 



yk ®P- 
a -.^ c ®e®T 
b := c®d ®_L 

= 6®d®e®T" 
= b®d ®_L 



then we have 



B. Handling Xor- Assumptions: Assigned Tableaux 

We now show how to handle xor-assumptions, i.e. to decide 
whether ^xoi- A A ... A Ik is still satisfiable, and if yes, to find 
all the literals and equivalences impUed by 0xor A A ... A Z^.. 
To do these, we introduce a concept of assigned tableaux. To 
facilitate easy backtracking, i.e. removal of xor-assumptions, 
the key idea here, similarly to lITSl . is to not remove variables 
from the tableau when new xor-assumptions are made but 
handle them separately. In this way backtracking simply 
amounts to retracting xor-assumptions. 

Formally, an assigned tableau for 0xor is a pair (£,r) 
such that (i) f is a tableau for 0xor, and (ii) r is a, usually 
partial, truth assignment for 0xor in which we collect the xor- 
assumptions and xor-implied literals. With respect to {£,t), 
an equation Xi := Xi^i ® ... ® Xi^ki ®Pi G f is propagation 
saturated if it holds that T{xi) is defined if and only if T{xij) 
is defined for all Xij G {xi,Xi^i, ...,Xi^ki}', the assigned 
tableau {£, r) is propagation saturated if each equation in 
it is. An equation Xi := Xi^i ... (B Xi^ki ® Pi is inconsis- 
tent if t{x) is defined for all x S {xi,Xi^i, ...,Xi^ki} and 
T{xi) ^ T{xi^i) ® ... ® T{xi^ki) (BPi', if the equation is not in- 
consistent, it is consistent. An assigned tableau is inconsistent 
if it has an inconsistent equation; otherwise it is consistent. 
A key property of a propagation saturated assigned tableau 
{£,t) is that its consistency is in one-to-one correspondence 
with the satisfiability of 0xor under the truth assignment r: 

Lemma 1: Let (£, r) be a propagation saturated assigned 
tableau for 0xor. The formula (/-xor A A(xH^i,jer(^ = ""x) is 
satisfiable if and only if , t) is consistent. 
From a consistent, propagation saturated assigned tableau it is 
also easy to enumerate all the literals that are impUed by the 
xor-constraints and the truth assignment in the tableau: 

Lemma 2: Let {£ , t) be a consistent, propagation saturated 
assigned tableau for t/ixor- For each literal y = Vy \t holds 
that 0x01- A A(xk^i,,)gt(^ = '"^) h (2/ = f'y) if and only if 

T{y) = Vy. 

In addition to implied literals, we can also enumerate all 
implied binary xor-constraints (i.e., equalities and disequalities 
between variables) as the following Lemma shows. 

Lemma 3: Let {£, t) be a consistent, propagation saturated 
assigned tableau for (/)xoi-. For any two distinct variables y, z 
and any p e B, it holds that </)xor A A(xH>«,)eT(2^ = '^a;) h 
[y (B z = p) if and only if 

1) T{y) and r(z) are both defined and t(i/) ® t{z) = p, 

2) T{y) and t(z) are undefined and £ has an equation e of 
form y :— ... (B z (B ... such that el^ is y := z ® p, where 
e\r is the equation obtained from e by substituting the 
variables in it assigned by r with their values. 



3) T{y) and r(z) are undefined and £ has an equation e of 
form z :=...© y © ... such that e\r is z :— y G)p, or 

4) T{y) and r(z) are undefined and £ has two equations, 
Cy and Bz, of forms y := ... and z ... such that ey\r 
is y := /, CzIt is z := g, and / ® g equals p. 

Example 4: Consider the assigned tableau {£, t) for a (/ixoi- 
with £ = {xi := x^® Xa® T, 2:2 := 2:3 © X4 ® ^5 ® T} and 
r = {2:5 i-> T}. Now 0xor A (2:5 = T) 1= (2:1 2:2 = T) as 
{xi := X3©X4©T)|t- is 2;i := X3®2;4©T, (a;2 := 2:302:4© 
2:5©T)|^ is X2 := 2:3©2:4©-L, and (2;3©2:4©T)©(2:3©a:4©_L) 
equals T. 

Such implied binary xor-constraints can be used to preprocess 
the cnf-xor formula and possibly also during the search; this 
topic is left for future research. 

1 ) Making the initial assigned tableau: If we have a tableau 
for 0xor (implying that (/)xoi- is satisfiable), we get a correspond- 
ing consistent, propagation saturated assigned tableau (£,t) 
by simply setting T{xi) ~ pi for each equation Xi pi in £. 

Example 5: For 0xor = (2: © y © z = T) A (y © 2: = _L) we 
may get the tableau {2: := T, y := z © _L}. The correspond- 
ing consistent, propagation saturated assigned tableau is thus 
({2: := T, y z © _L} , {x i-^. T}). 

2) Extending with new xor-assumptions: We now describe 
the central operation of extending a consistent, propagation 
saturated assigned tableau with a new xor-assumption. Given 
such an assigned tableau {£,t) and an xor-assumption literal 
X = V, define extend((f , r) , 2: = t;) to be a result of the 
following non-deterministic method assume(2: = v): 

1) If t{x) = V, return "sat, no new xor-implied literals". 

2) If t{x) 7^ V, return "unsat". 

3) If X is a basic variable in £, update £ to swap{£, x, y), 
where y is any r-unassigned non-basic variable in the 
equation for x; x is now a non-basic variable. 

4) Assign t{x) ~ v. 

5) For each equation 2 := 2: © 2:'^ © ... © 2;^^ © p in £, 
check whether t{x[) is defined for each variable x'^ 
occurring in the right hand side; if this is the case, 
evaluate the value Vz of z according to the equation 
and assign r(z) = v^- The literal z = is a new xor- 
implied literal. 

6) Return "sat" and all the new xor-implied literals found. 

Example 6: Consider the consistent, propagation saturated 

I a:= d ©/©T 
assigned tableau (£o,0), where £0 = i b := d(Be ©_L >. 

[c :^ d ©/©_L J 
To compute extend((£'o, 0) ,a = T), we first make the vari- 
able a non-basic by transforming £0 to £1 = swap(£'o, a, d) — 

{d:^a ©/©T ^ 
b a©e©/©T > and then assign a to T; the resulting 
c:= a ©T J 
consistent, but not propagation saturated, assigned tableau is 
{£1, {a T}). To make it propagation saturated, we note that 
c := a © T has all its right hand side variables assigned and 
deduce a value for c, resulting in {£1, {a 1— T, c 1— > _L}). 



3) Backtracking: Now observe the following: once an equa- 
tion has all its variables assigned, it will not be modified in 
the subsequent calls of the assume method until some of the 
variable values are retracted with the backtrack method. And 
when this happens, at least two variables lose their values so 
the equation stays propagation saturated. As a consequence, 
the tableau does not have to be modified when backtracking. 

4) Clausal Explanations: Let us study how the clausal 
explanations for xor-conflicts (step 2 in assume) and xor- 
implied literals (step 5) are obtained. 

• Under the reasonable assumption that the CNF solver 
does not make contradictory truth assignments, an xor- 
conflict can only happen when the xor-assumption x = v 
is an xor-implied literal derived earlier but ignored so far 
for some scheduling reason by the CNF-part solver Thus 
there is an equation x := yi © ... © ym © P in 5 such 
that t{x) := r(yi) © ... © r(y,„) © p and r(x) ^ v; 
the explanation is now the clause ^(yi = T(yi)) V ... V 

^(Z/m = T{y,n)) V ^(2; = v). 

• For an xor-implied literal z = derived in step 5, 
the explanation is simply a clause in the straightforward 
CNF translation of the equation, i.e. ^(2: = t{x)) V 

= r{x[)) V ... V -(2:',„ = rix'J) V (z = 

C. Implementation 

Our implementation of the incremental Gauss-Jordan xor- 
reasoning module uses a dense matrix representation where 
one element in the matrix uses one bit of memory. The xor- 
reasoning module maintains two such matrices. In the first 
matrix the rows are consecutively in the memory, and in the 
second the columns are consecutively in the memory. The first 
matrix allows efficient implementation for row operations and 
the second matrix for efficient pivoting. To detect xor-implied 
literals, each row is associated with a counter tracking the 
number of unassigned variables. When this counter is one 
(or zero), an xor-implied literal (or a potential conflict) is 
available. Upon backtracking it suffices to restore the coun- 
ters tracking unassigned variables. Gauss-Jordan xor-reasoning 
module is only used after unit propagation is saturated. To 
strengthen unit propagation over xor-constraints, explanations 
for xor-implied literals are added as learned xor-constraints. 

D. Experimental Evaluation 

To evaluate the effect of incremental Gauss-Jordan elim- 
ination in the DPLL(XOR) framework, we integrated three 
xor-reasoning modules with different deduction engines (unit 
propagation, equivalence reasoning, Gauss-Jordan) to minisat 
2.0 core. In this experiment, we focus on the domain of logical 
cryptanalysis by modeling a known-plaintext attack on stream 
cipher Trivium. The task is to recover the full 80-bit key 
when the IV and a number of cipher stream bits (8 to 16) 
are given. All instances are satisfiable and it is likely that a 
number of keys produce the same given prefix of the cipher 
stream. Figure [T] shows how unit propagation, equivalence 
reasoning, incremental Gauss-Jordan and cryptominisat 2.9.2 
perform on these instances. The strength of the deduction 
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Fig. 1. Comparison of three xor-reasoning modules (unit propagation, 
equivalence reasoning, Gauss-Jordan) and cryptominisat 2.9.2 on Trivium 



engine is well reflected in the results. The solver configuration 
relying only on unit propagation requires the most decisions. 
Equivalence reasoning gives a significant reduction in the 
number of decisions and enables the solver to solve more 
instances. The solver configuration using incremental Gauss- 
Jordan solves the highest number of instances and using fewest 
number of decisions. Considering the solving time, unit propa- 
gation can be implemented very efficiently, so easier instances 
are solved fastest using plain unit propagation. Equivalence 
reasoning incurs an additional computational overhead which 
causes it to perform slower than unit propagation despite 
the reduction in the number of decisions. Incremental Gauss- 
Jordan is computationally intensive but the reduction in the 
number of decisions is large enough to make it scale better 
for the harder instances. To illustrate the effect of xor-implied 
literals deduced by Gauss-Jordan, a solver configuration using 
Gauss- Jordan only to detect conflicts and otherwise resorting 
to unit propagation is included in the comparison. Detecting 
conflicts as early as possible does not seem to help on this 
benchmark. The lack of performance of cryptominisat 2.9.2 is 
probably due to differences in restart policies or other heuris- 
tics. Gaussian elimination as implemented in cryptominisat 
2.9.2 using row echelon form does not seem to be very useful 



in this benchmark because on majority of the instances it does 
not detect conflicts earlier nor give any xor-implied literals. 

IV. Exploiting Biconnected Components 

When using a dense representation for matrices in the xor- 
reasoning modules based on Gauss or Gauss- Jordan elimina- 
tion, the worst-case memory use is 0{ne), where n is the 
number of variables and e the number of linearly independent 
xor-constraints in (p^o^. Naturally, when the xor-part ^xor can 
be decomposed into variable-disjoint sets of xor-constraints 
(connected components of the constraint graph formally de- 
fined below), each such set can be handled by a separate xor- 
reasoning module with smaller memory requirements. When 
using a sparse matrix representation, the memory usage does 
not improve with such a connected component decomposition. 

We now give an improved decomposition technique that is 
based on a new decomposition theorem stating that, in order to 
guarantee full propagation, it is enough to (i) propagate only 
values through "cut variables", and (ii) have full propagation 
for the "biconnected components" between the cut variables. 
Thus equivalences and more complicated relationships be- 
tween variables in different biconnected components do not 
have to be considered and each component can be handled by 
a separate xor-reasoning module. 

Formally, given an xor-constraint conjunction (py^^r, we 
define that a cut variable is a variable x G vars(0xor) 
for which there is a partition (14, Vb) of xor-constraints 
in (pxor with vars(T4) n vars(Vb) = {x}; such a partition 
(K) H) is called an x-cut partition of 0xor- The bicon- 
nected components of ^xor are defined to be the equivalence 
classes in the reflexive and transitive closure of the relation 
{{D,E) I D and E share a non-cut variable} over the xor- 
constraints in (^xor- 

Example 7: Let (p^ov = (a®6®c = T)A(6®d©e = T)A 
(c©e = T)A(d©e©/ = _L)A(/©5©/i = T)A(/i®i® 
i = _L) A (i ® j ® = T) A (/ ® / ® m = T) A (Z ® n ® o = 
±). The cut variables of (/)xor are /, h and I. Thus its five 
biconnected components are (i) {(a® 6® c s T), (6® d® e = 
T), (c®e = T), (rf®e®/ = ±)}, (ii) {{f®g®h = T)}, (iii) 
{{h®i(Bj = ±),{i®j®k = T)}, (iv) {(f®l®m = T)}, 
and (v) {{l®n®o = _L)}. 

Cut variables and biconnected components are probably 
best illustrated by means of constraint graphs. Such graphs 
also give us a method for computing the cut variables, and 
consequently also the bicormected components. The constraint 
graph of an xor-constraint conjunction 0xor is a labeled bipar- 
tite graph G = {V, E, L), where 

• the set of vertices V is the disjoint union of (i) variable 

vertices V^vars = vars((/)xor) which are graphically repre- 
sented with circles, and (ii) constraint vertices K:onstrs = 
{D I D is an xor-constraint in (pxoi} drawn as rectangles, 
. E = {{x, D}\xe Fvars A D G Vconstrs A X G vars(D)} 
are the edges connecting the variables and the xor- 
constraints in which they occur, and 

• L labels each xor-constraint vertex (a;i ® ... (B Xk = p) 
with the parity p. 




T -^k 



Fig. 2. The constraint graph of the conjunction 0xor in Ex. ^ 



As usual for graphs, (i) a connected component of constraint 
graph G is a maximal connected subgraph of G, (ii) a cut 
vertex of G is a vertex in it whose removal will break 
a connected component of G into two or more connected 
components, and (iii) a biconnected component of G is a 
maximal biconnected subgraph (a graph is biconnected if 
it is connected and removing any vertex leaves the graph 
connected). 

Example 8: The constraint graph of the conjunction (/)xor in 
Ex. |7]is shown in Fig. |2] The cut vertices of it are Di, D4, 
f, i?5, h, Dq, Dj, Dg, I, and Dg. Its biconnected compo- 
nents are the subgraphs induced by the vertex sets {a,Di}, 
{Di, b, D2,d, c, I?3, e, D4}, {D4, /}, and so on. Observe that 
the biconnected components are not vertex-disjoint. 

We see that, due to the presense of the vertices for the 
xor-constraints, the biconnected components of a constraint 
graph G for 0xor do not directly correspond to the biconnected 
components of ^xor- However, the cut vertices of G, when 
restricted to variable vertices, correspond exactly to the cut 
variables of (p^or- Therefore, we have a linear time algorithm 
for computing the biconnected components of (p^or- 

1) Build (implicitly) the constraint graph G for 0xor- 

2) Use an algorithm by Hopcroft and Tarjan ||T9l to com- 
pute the biconnected components of G in linear time; as 
a byproduct, one gets all the cut vertices and thus the 
cut variables as well. 

3) Build the biconnected components of </)xor by putting 
two xor-constraints in the same component if they share 
a non-cut variable. 

A. How to Exploit 

As biconnected components are connected to each other 
only through cut variables, in the DPLL(XOR) framework we 
can actually handle them by separate xor-reasoning modules. 
In this setting a value for a cut variable deduced by some 
xor-reasoning module is communicated back to the CNF-part 
solver as an xor-implied literal, and the CNF-part solver then 
gives the value as an xor- as sumption to the other xor-reasoning 
modules. Based on the following theorem, we see that this 
kind of decomposition of 0xoi preserves full propagation in 
the following sense: if the modules can provide full prop- 
agation for each of the components, then full propagation 
is achieved for the whole xor-part (/)xoi, too. Basically the 
theorem states that only cut variable values, not equivalences 
or more complex relationships, have to be communicated 



between biconnected components. For relating the theorem to 
biconnected components, see the example after the theorem 
and observe that if Vb) is an a; -cut partition of 0xor, then 
14 and Vb are (disjoint) unions of one or more biconnected 
components of 0xor- 

Theorem 4: Let (T4, Vf,) be an a; -cut partition of 0xor- 
Let (t>l,, = Aoev^^D, 0^^, = Adgv^A and h,...JkJ € 
lits(0xor)- Then it holds that: 

• If 0xor A Zi A ... A Zfe is unsatisfiable, then 

1) (?!)xo,- All A ... Alk or 0xor A A ... A 4 is unsatisfi- 
able; or 

2) A fi A ... A 4 h = Px) and 4>^^^^ A 
h A ... Alk \^ {x = P2;®T) for some Px & {-L, T}. 

• If ^xoi-A/i A ... A Ik is satisfiable and 0xorA?i A ... A Ik \= 
I, then 

1) 0xor A [i A ... A Ik h i or 0xor ^ ^"i ^ •■■ ^ ^-k h or 

2) (pl^^ A hA ...Alk h (? = Px) and A 
li A ... Alk A {x = Px) \= I; or 

3) 0^0, A hA ...Alk h = Px) and A 
[i A ... A Ik A {x=px) h 

Example 9: Take again the conjunction (pj^or in Ex. |7] il- 
lustrated in Fig. |2] Assume the xor-assumptions 6, -^g, and 
o; now 0XOT A b A A |= -^k. We can deduce this in a 
biconnected component-wise manner as follows. First, con- 
sider the /-cut partition {{Di, D4} , {D5, Dg}). Now 
Di A...AD4A6 1= ^/ and D5A...Ar'9A^gAoA^/ 1= ^k. 
For Dc^A...ADQA^gAoA^f |= ^fc we apply the theorem again 
by considering the /-cut partition {{Ds, Dg} , {D^, Dg, Dj}) 
of DzA...ADg: now D^ A Dq A Dt A^g A^f |= ^fc and thus 
the biconnected components {D^} and {Dg} are not needed 
in the derivation. For D^ A D^ A Dj A -^g A ^/ \^ ^k, we 
apply the theorem again by considering the h-cal partition 
{{D^} ,{De,Dj}): D^A^gA^f ^ hwd D^ADjAh^^k. 
Thus we can derive ^fc from (/!)xor A 6 A ^.g in a component- 
by-component fashion. 

We observe the following: some biconnected components 
can be singleton sets. For such components we can provide 
full propagation easily by the basic unit propagation. These 
singleton components originate from "tree-like" parts of (p^^oi. 
the trees can be "outermost" (constraints D^ and Dg in Fig.|2]) 
or between two non-tree-like components {D^ in Fig. [2]). Thus 
our new result in a sense subsumes one in |20|, where we 
suggested clausification of "outermost" tree-like parts. 

B. Experimental Evaluation 

To evaluate the relevance of detecting biconnected compo- 
nents, we studied the benchmark instances in "crafted" and 
"industrial/application" categories of the SAT Competitions 
2005, 2007, and 2009 as well as all the instances in the SAT 
Competition 2011 (available at http://www.satcompetition]] 
|org/[ ). To get rid of some "trivial" xor-constraints, we elim- 
inated unary clauses and binary xor-constraints from each in- 
stance by unit propagation and substitution, respectively. After 
this easy preprocessing, 474 instances (with some duplicates 
due to overlap in the competitions) having xor-constraints 
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Fig. 3. Reduction in memory usage for dense matrix representation when 
(i) tree-like xor-constraints are removed (ii) only biconnected components are 
counted in SAT 2005-2011 competition instances. In the latter case, although 
the dilference seems negligible in logarithmic scale, the memory consumption 
is reduced by additional 13.5% on average in 110 instances having multiple 
biconnected components. 

remained. We first examine how the memory usage can be 
improved by removing (i) tree-Hke xor-constraints and (ii) 
storing each biconnected component in a separate matrix. Fig- 
ure [3] shows the reduction in memory usage when using dense 
matrix representation to store the xor-constraints. As already 
reported in |20l, a significant proportion of xor-constraints 
in these competition instances are tree-like and performing 
additional reasoning beyond unit propagation cannot be used 
to detect more implied literals. Removing these tree-like xor- 
constraints from Gauss-Jordan matrices reduces the memory 
usage greatly. An additional reduction in memory usage is 
obtained by storing each biconnected component in a separate 
matrix. 

We ran minisat 2.0 core augmented with four different xor- 
reasoning modules (unit propagation, equivalence reasoning, 
Gauss-Jordan, and a variant of Gauss-Jordan exploiting bicon- 
nected components) and cryptominisat 2.9.2 on these instances. 
Figure |4] shows the number of instances solved with respect 
to the number of heuristic decisions. Unit propagation and 
equivalence reasoning perform similarly on these instances. 
Incremental Gauss-Jordan solves a substantial number of the 
instances almost instantly and also manages to solve more 
instances in total. The solver cryptominisat 2.9.2 performs 
very well on these instances. Figure |4] also shows the number 
of instances solved with respect to time. Since equivalence 
reasoning does not reduce the number of decisions, the com- 
putational overhead is reflected in the slowest solving time. 
Incremental Gauss-Jordan is computationally more intensive 
but complete parity reasoning pays off on these instances 
leading to fastest solving compared to our other xor-reasoning 
modules. Omitting tree-like xor-constraints from Gauss-Jordan 
matrices and splitting biconnected components into separate 
matrices offers a significant reduction in the solving time 
without sacrificing completeness of reasoning. To illustrate the 
effect of implied literals deduced by Gauss-Jordan, we also 
ran a solver using Gauss-Jordan only to detect conflicts and 
otherwise resorting to unit propagation. More instances are 
solved and faster when all implied literals are deduced. 

Biconnected components may be exploited even without 




50 100 150 200 250 300 

# solved instances 



Fig. 4. Number of SAT 2005-2011 competition instances solved w.r.t. 
decisions and time 

modifying the solver. The solver cryptominisat accepts a 
mixture of clauses and xor-constraints as its input. When 
Gaussian elimination is used, the solver stores each con- 
nected component in a separate matrix. By translating each 
singleton biconnected component into CNF, some non-trivial 
biconnected components may become connected components 
and are then placed into separate matrices improving memory 
usage. We considered the 110 SAT competition instances 
with multiple biconnected components and found 60 instances 
where some biconnected components could be separated by 
translating singleton biconnected components to CNF. FigurejS] 
shows the effect of the translation in the number of decisions 
and solving time. The solver cryptominisat 2.9.2 solves 44 of 
the unmodified instances. After the translation, cryptominisat 
2.9.2 is able to solve 50 instances and slightly faster 

V. Eliminating xor-internal variables 

A cnf-xor formula 0orA(/)xor may have xor-internal variables 
occurring only in ^xor- As suggested in lITTl . such variables 
can be eliminated from the formula by substituting them with 
their "definitions"; e.g. if xiS)X2®X3 = T is an xor-constraint 
where Xi is an xor-intemal variable, then remove the parity 
constraint and replace every occurrence of xi in all the other 
parity constraints by X2 (B x^ (B T. When using dense matrix 
representation, the matrices can be made more compact by 
eliminating xor-internal variables. For instance, one of our 
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Fig. 5. Effect in decisions and solving time for cryptominisat when singleton 
biconnected components in SAT competition instances are translated to CNF 

Trivium benchmark instances has 5900 xor-intemal variables 
out of 11484 variables and 8590 parity constraints in two 
connected components. The total number of elements in the 
matrices is 55 x 10^ elements. By eliminating all xor-internal 
variables this can be reduced to 8 x 10^ elements. The instance 
has three biconnected components (as all of our Trivium 
instances) and storing them in separate matrices requires 
33 X 10^ elements in total. But, if a cut variable connecting the 
biconnected components is xor-internal, it is eliminated and 
the two biconnected components are merged into one bigger 
biconnected component. To preserve biconnected components, 
only the variables occurring in a single biconnected component 
and not in the CNF-part should be eliminated. There are 
5906 such variables in the instances and after the elimination 
the total number of elements in three matrices is 5 x 10^. 
Figure [6] shows the effect of eliminating such variables in our 
Trivium instances. Unit propagation benefits from elimination 
of xor-intemal variables. Fewer watched literals (variables) are 
needed for longer xor-constraints to detect when an implied 
literal can be deduced. The solver configuration using incre- 
mental Gauss-Jordan elimination manages to solve all of our 
benchmark instances with reduced solving time. 
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Appendix 

In this appendix, we provide proofs for the Lemmas and 
Theorems in the paper Before the actual proofs, we provide 
some auxiliary results. 

For two xor-constraints D = (a; i ... © = p) and 
E = [yi ® ■■■ ® yi = q), we define their linear combination 
xor-constraint hy D + E = {xi (B ■■■ ® Xk ® yi ® ■■■ ® yi = 
p ® q)- Some fundamental, easy to verify properties are 
D + D + E = E, DAE^D + E, DAE^DA{D + E), 
and D A {D + E) \= D A E. Furthermore, the logical conse- 
quence xor-constraints of a conjunction 0xoi are exactly those 
that are linear combinations of the xor-constraints in (fi^o/. 

Lemma 5: Let ^ be a conjunction of xor-constraints. Now 
ifj is unsatisfiable if and only if there is a subset S of xor- 
constraints in ifj such that '^^Des^ =(-'- = T). If ip is 
satisfiable and E is an xor-constraint, then |= i? if and 
only if there is a subset S of xor-constraints in ij] such that 

Proof: There are two cases to consider. 

• Case I: is unsatisfiable. 

If there is a subset S of xor-constraints in if) such that 
SdgS D = {L = T), then, by iteratively applying 
Di A D2 h Di + D2, we have A^gg D ^ EoeS ^' 
i.e. J2dgS \= {-L = T), and thus is unsatisfiable. 
For the other direction, assume that ip is unsatisfiable. 
Represent the conjunction t/) as a system of linear equa- 
tions modulo two in matrix form. Gaussian elimination 
must result in an equation 0=1 mod 2 in some row 
r of the matrix. The row r is a linear combination 
of some original rows ri,...,r„. Each original row 
r.i corresponds to a distinct xor-constraint C{ri) in 1/;. 
Thus, S = {C(ri), . . . , C(r„)} C ■(/; is a subset of xor- 
constraints in such that J^Des D — {J- = T). 

• Case II: is satisfiable. 

If there is a subset S of xor-constraints in tp such that 
J^Des D = E, then, by iteratively applying Di A D2 \= 
Di + D2, we have Aues^ H J^oes^ ^^^^ 
^^^gD^E and ij\=E. 

Assume that t/j |= E. We have 7^ vars(£^) C vaTs{tp). 
Create a (reduced row echelon form) tableau £ for tp with 
the following property holding for each equation e: if e 
has a non-basic variable occurring in E, then the basic 
variable of e also occurs in E. Such a tableau can be 
obtained by applying the swap operator at most |vars(£')| 
times to a tableau for ip. By construction, each equation 
e of form x := xi (B ■■■ (B Xk ® p in £ corresponds to 
a linear combination Cg = (a; ® a;i ® ... ® a;^ = p) 
of a subset Se of xor-constraints in ip. Consider the 
Hnear combination E' = Eee£Avars(e)nvars(£;)#0 of 
equations in £ having at least one common variable with 
E. It holds that Tp ^ E' . As ip \= E and ip \= E' , it also 
holds that E AE' and thus ip E + E' . We have 
three cases to consider: 
- Case A: E + E' ~ {L = T). This is not possible as 
ip would be unsatisfiable. 



- Case E + E' = {L = IP). Now E' is equal to E. 
Thus there is a subset S of xor-constraints in %p such 
that X^DeS D = E, namely the ones that appear an 
odd number of times in Uee£Avars(e)nvar.(iJ)#0 -^-e 
(whose linear combination E' is). 

- Case C: E + E' is yi® .■■<3) yu = P with A: > 1. All 
the variables yi,...,yk must be non-basic variables 
in £ because (i) all the basic variables of £ occurring 
in E also occur in £", and (ii) the basic variables of 
£ not occurring in E are not included in E' either 
But because yi,...,yk are non-basic variables, we 
can build the following satisfying truth assignment 
T for ^p: (i) assign yi,...,yk some values such that 
that r(yi) ... T{yk) ^ p, (ii) assign the other 
non-basic variables in £ with arbitrary values, and 
(iii) evaluate the values of the basic variables. Thus 
it is not possible that tp |= {yi ® ■■■ (B yt = p) ™d 
the case of E + E' equaling to j/i © ... © = p is 
impossible. 

■ 

Another key property of tableaux is that the equations in 
them are logical consequences of the represented conjunction 
of xor-constraints: 

Fact 6: If £ is a tableau for ^xm-^ then Xi := Xi^i © ... © 
Xi,ki ®Pi & £ implies (p^^r \= {xi © Xi^i © ... © Xi^ki = Pi)- 

A. Proof of Lemma [7] 

Lemma \I} Let {£,t) be a propagation saturated assigned 
tableau for cp^^r- The formula 0xor A /\^^^^^^^{x = v) is 
satisfiable if and only if {£, r) is consistent. 

Proof: First, assume that {£,t) is consistent. Extend the 
assignment r into a total one r' by (i) assigning arbitrary val- 
ues to the unassigned non-basic variables, and (ii) evaluating 
the unassigned basic variables according to their equations. As 
{£, t) is propagation saturated and consistent, the resulting 
truth assignment r' does not violate any of the equations. 
Because ^^^..=^^_,^...(Sx^_^^®p^&si^^®^^^® = Pr) is 
logically equivalent to ^xor, formula 0xor A t\(x^v)eTi^ = ^) 
is satisfied by r'. 

Now, assume that {£,t) is inconsistent. Then there is 
an equation Xi :— © ... © Xi^fc. © such that t{x) 
is defined for all x G {xi, x^^i, Xi^fc;} and T{xi) 7^ 
T(xi,i)©...©T(a;i,feJ©p,. By Fact. |6] 0xor h ( 

Xi © Xi 1 © 

... © Xi.fe. = Pi). Now T or any of its extensions do not 
satisfy [xi © Xi^i © ... © Xi^ki = Pi)\ thus r or any of its 
extensions do not satisfy <p^o^ either As a result, the formula 
4>y.or A A(x^v)eTi^ = is unsatisfiable. ■ 

B. Proof of Lemma [2] 

Lemma |2} Let {£, t) be a consistent, propagation saturated 
assigned tableau for (p^or- For each literal y = Vy \t holds 
that (p^or /\ K(x^^^)er{^ = ^'■^) h (2/ = Vy) if and only if 

T{y) = Vy. 

Proof: If T{y) = Vy, then 0xoi- A A(:rH^i,jer = H 
[y = Vy) holds trivially as (y n- g r. 



Assume that (j)^^, A A(xK->,;,)6r = '"x) 1= (v = ^y) holds. 
As {£, t) is consistent and propagation saturated, by Lemma [T| 
</'xoi A/\j-^^„^-)g^(a; = Vx) is satisfiable. Suppose that £ has n 
non-basic variables not assigned by r. As (£, r) is consistent 
and propagation saturated, there are 2" total extensions of 
T that respect the equations in £, obtained by assigning 
arbitrary values to the unassigned non-basic variables and 
then evaluating the unassigned basic variables. All these 
extensions satisfy (/)xor A A(2:h^i,^)gT(^ = ^x)- For each r- 
unassigned variable y there is thus at least one satisfying 
truth assignment where y is _L and one where y is T. Thus 
0xor A A(a;H>i,,)er(2^ = ^x) \= {v = Vy) Can hold only if y is 
assigned by r and T{y) ~ Vy. ■ 

C. Proof of Lemma [i] 

Lemma\3}i Let (£,t) be a consistent, propagation saturated 
assigned tableau for (/)xoi-. For any two distinct variables y, z 
and any p e B, it holds that A A{x^v^)eTi^ = h 
{y (B z = p) if and only if 

1) T{y) and t(z) are both defined and r(?/) t(z) = p, 

2) T(y) and r(z) are undefined and £ has an equation e of 
form y :— ... (B z (B ■■■ such that ej,- is y := z © p, where 
e|r is the equation obtained from e by substituting the 
variables in it assigned by r with their values, 

3) T{y) and r(z) are undefined and £ has an equation e of 
form z := ... (B y ® ... such that e\r is z := y (Bp, or 

4) r(y) and t(z) are undefined and £ has two equations, 
Cy and Cj, of forms y := ... and z := ... such that Cylr 
is ?/ /, CzIt is z := and f ® g equals p. 

Proof Because {£,t) is consistent and propagation sat- 
urated, there are 2" total extensions of r that respect all the 
equations in £, obtained by assigning arbitrary values to the n 
T-unassigned non-basic variables in {£, t) and then evaluating 
the T-unassigned basic variables according to the equations. 
In the following, the set of all such extensions is denoted by 
r. Furthermore, all such total extensions also satisfy (/)xor A 
N{x^v^)er{x = because Ax.:=x,,ie...®a;.,,,ep,ef (^^^ © 
Xi^i (B ... ® Xi.fe. = Pi) is logically equivalent to 0xor- For 
the same reason, they are also the only truth assignments over 

vars((?;'xor) that satisfy (j^xoi-^Aix^v^jeri^ = '"x)- ^^^^ 
T-unassigned variable x, there is an extension t' e F with 
t'{x) = _L and another extension t" e F with t"(x) — T. 

First, assume that T(y) and t(z) are both defined. Now it 
is straightforward to observe that T(y) © t(z) = p if and only 
if 0xor A A(^x>~^^^)eTi^ = Vx)\=iy(Bz = p). 

Second, assume that t(?/) is defined but t(z) is not (the 
case when t{z) is defined but T{y) is not is symmetric to 
this). As z is T-unassigned, there is a t' G F with t'{z) — _L 
and a t" e F with t'(z) = T. As t' and t" also satisfy 

z = p) cannot hold. 

Lastly, assume that T{y) and t{z) are both undefined. We 
have four cases to consider. 

1) y and z are both non-basic variables. Now there are 
extensions ti , T2 , T3 , T4 G F covering all the four truth 



value combinations possible for the variable pair y and 
z. As all these also satisfy (j)„ov A A(xM.i;,)Gr = "2;), 
(/>xor A /\(^x>~^.^^)eri^ = '"x) \= {y®z = p) cannot hold. 

2) y is a basic variable and z is a non-basic variable. 
Take the equation e of form y := ... for y in £. As 
{£,t) is consistent and propagation saturated, and y is 
T-unassigned, there is at least one T-unassigned variable 
in the right hand side of e. 

If eji- is y :— z <B p for some p G B, i.e. there is 
exactly one T-unassigned variables in the right hand side 
of e and that variable is z, then the value of y is fully 
determined by the value of z in each t' e F, and thus 

'/>xor A Ai^x^^^)er(^ = Vx)^{y®z = p) holds. 
On the other hand, if (/)xoi- A A(xH^«,)Gr(^ = '"^) 1= iv® 
z = p) holds, then the value of y is fully determined 
by the value of z in each t' e F and thus e\r must be 

y := z®p. 

3) z is a basic variable and y is a non-basic variable. This 
case is symmetric to the previous one. 

4) y and z are both basic variables. 

If £ has two equations, Cy and e^, of forms y :— ... 
and z ... such that eyj,- is y /, e^jr is z := g, 
and f (B g (with duplicate variables eliminated) equals 
p, then / and g must contain the same variables as 
otherwise f (B g would not equal p. Thus Cy and 
must contain the same T-unassigned variables and 
consequently T'(y) = t'{z) (B p for each t' € F, 
implying 0xor A \x^^^)eTi^ = v^) ^ {y ® z = p). 
If 0xorAA(:rH^„jg^(a; = W:r) ^ {y (B z = p) holds, 
then the equations Cy and ez for y and z, resp., must 
contain the same T-unassigned non-basic variables be- 
cause otherwise there would be extensions t' , t" e F 
such that T'(y) = T"(y) but t'(z) 7^ t"(z) and 
-/-xor A l\(x^v^)<^Ti^ = Vx) ^ {y ® z = p) would not 
hold. As a consequence, eylr is y :— f, Czlr is z := g, 
and / ® 5 equals p. 



D. Proof of the Decomposition Theorem |4] 

Theorem^ Let (V^,Vb) be an a; -cut partition of 0xor- 
Let (jjl^, = Adsv;,^' '?^xor Adg^A and li,...,lkj e 
lits((/)xoi-)- Then it holds that: 

• If 0xor A li A ... A Ik is unsatisfiable, then 

1) ^xor A fi A ... A ffc or (ptor A /i A ... A [fc is unsatisfi- 
able; or 

2) A fi A ... A 4 h (2^ = P..) and 0^^, A 
Zi A ... A Ik \^ {x = Px®~^) for some G {-L, T}. 

• If (f>xorAli A ... A Ik is satisfiable and 0xoi AZi A ... A ^ 

then 

1) (bl,, A /\a ... a /\ 1= i or ,^5^, Ah A... A Ik h or 

2) A fi^A ... A 4 h = P^) and (/.^^^ A 
li A ... Alk A {x = Px) \= h or 

3) <P\^^ A fi A ... A 4 h (2^ = P..) and A 
h A ... A h A {x=px) h 



Proof: Let (V/, V^) be an x-cut partition of 0xor A (/i) A 
... A (4) with vars(T4') = vars(Va), vars(Vb') = vars(Vb), 
Vi C Vjj', and H C Vj,'. Such partition exists because the xor- 
assumption literals U are unit xor-constraints. 

Case I: (/)xoi- A [i A ... A ft is unsatisfiable. By Lemma Js] 
there is a subset S of xor-constraints in (/)xoi- A [li) A ... A [Ik) 
such that X^DeS -D = (-L = T). Observe that X^DeS ^ ~ 
(EDeK'ns^H(EDev^,'n5^)- If Ed^KTiS^ = ^ T), 
then a liA...Alk is also unsatisfiable. Similarly, if 
Hoev^ns^ = (-L = T), then ^^^^ A Z~i A ... A h is unsat- 
isfiable. Otherwise, it must be that "YliDevns D = (x = px) 
and X_Deyns D — {x = Px®~\') with p^; e {±, T} because 
K'nK = i vars(K') n vars(K) - {x} and (Ei^ey.'ns ^)+ 
(Edsk'hs D) = (± ^ T). Thus A /i A ... A h h = 
p^) and A fi A ... hju h = ® T). 

Case U: (f)^Q^/\li/\.../\lk is satisfiable and 0xorA/iA...AZfc |= Z 
with I = (y = py) for some variable y andpj, G {-L, T}. There 
is a subset 5 of xor-constraints in 0xoi- A (Zi) A ... A {Ik) such 
that EdsS -D = (y = -Py)- Again, observe that (Ezjes ^) = 
(EdgK'hS^) + (Enev/ns-O) ™d *us it must be that 
either y £ vars(X;DeK,'ns ^) or y e vars(XBev,'ns ^) 
but not both. Assume that y e vars(XDgv''n5 -^)' 'he 
other case is symmetric. Now vars(XDgV"ns -^5 ^ {^^l ™d 
vars(X£,ey,'ns^) ^ y}- If 2: G vars(X;i56y,'n5 -^)' 
then Edgi/'hs^ = (a; = p^^) for a e {-L,T}, 

(f>l^^. AhA...Alk h (x = Px), Hoev-nsD ^ {x ® 
y = Px® Py), and A h A ... A h A (x ee p^;) h y ® 
If a; ^ vars(Xi)e^/,'nS^)' *en x vaTs{J2DeV^nS 
Ecei/'ns D = {y = Py), and A A ... A h h (y = Py)- 



